nanog mailing list archives

Re: ns1-proddns.glbdns.o365filtering.com unreachable?


From: Peter van Dijk <peter.van.dijk () powerdns com>
Date: Wed, 06 Jul 2022 12:15:31 +0200

On Wed, 2022-07-06 at 11:49 +0200, Stephane Bortzmeyer wrote:
> On Wed, Jul 06, 2022 at 11:37:40AM +0200,
>  Bjoern Franke via NANOG <nanog () nanog org> wrote
>  a message of 10 lines which said:
>
> > <tenant>.mail.protection.outlook.com seems to throw servfails.
>
> The authoritative name servers for this domain do not handle EDNS
> (which was specified only 23 years ago) so the resolvers that do not
> fall back on EDNS (probably the majority) return a SERVFAIL.

While it is true that their auths do not handle EDNS, they cover that
by responding with FORMERR without an EDNS section. All resolvers
should in fact fall back.

From what I can tell, the real problem is that these servers barely
respond at all - so little that it's easy to conclude that EDNS is the
reason, but without EDNS responses are just as sporadic.

So, in short, they have a DNS responding problem; their bad handling of
EDNS makes that worse, because now a resolver needs to get two queries
(one with EDNS, then one without) through to them before resolving
something - and then it is rewarded with a 10 second TTL!

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
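
The fallback described in the message above, as an added example (not part of the original post and not PowerDNS code): a resolver-side retry without EDNS when the reply is FORMERR with no OPT record, run against a constructed in-process stand-in for an authoritative server that does not handle EDNS. The names non_edns_auth, resolve and tenant.example, and the 192.0.2.1 answer, are assumptions.

```python
import struct

RCODE_FORMERR = 1
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(qid, name, edns):
    """Build an A query; with edns=True append an OPT RR (1232-byte UDP size)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, 0) if edns else b""
    return header + question + opt

def parse_header(msg):
    """Return (rcode, ancount, arcount) from a DNS message header."""
    _id, flags, _qd, an, _ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return flags & 0x000F, an, ar

def non_edns_auth(query):
    """Constructed stand-in for an auth without EDNS support: FORMERR and no OPT
    for queries carrying OPT, otherwise one A record with a 10 second TTL."""
    qid, _flags, _qd, _an, _ns, ar = struct.unpack("!HHHHHH", query[:12])
    question = query[12:len(query) - (11 if ar else 0)]  # OPT RR here is 11 bytes
    if ar:
        return struct.pack("!HHHHHH", qid, 0x8400 | RCODE_FORMERR, 1, 0, 0, 0) + question
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 10, 4) + bytes([192, 0, 2, 1])
    return struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0) + question + answer

def resolve(name, send):
    """Query with EDNS first; on FORMERR without OPT, retry once without EDNS.
    Returns (rcode, answer_count, queries_sent)."""
    sent = 0
    for edns in (True, False):
        sent += 1
        reply = send(build_query(0x1234 + sent, name, edns))
        rcode, ancount, arcount = parse_header(reply)
        # Simplification: arcount == 0 is taken to mean "no OPT in the reply";
        # a full parser would walk the additional section looking for type 41.
        if edns and rcode == RCODE_FORMERR and arcount == 0:
            continue  # server does not speak EDNS: fall back to plain DNS
        break
    return rcode, ancount, sent

if __name__ == "__main__":
    print(resolve("tenant.example", non_edns_auth))
```

The third value returned by resolve is the number of queries that had to reach the server, which is the cost the message points out when replies are sporadic.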

